1. Field of the Invention
The present invention relates to the field of computer systems. More specifically, the present invention relates to data security on computer systems.
2. Background Information
Existing methods of preventing unauthorized write access to nonvolatile storage such as FLASH memory typically rely on “secret” access methods to a write enable circuit. These “secret” access methods to the write enable circuit can be reverse-engineered through the use of standard debugging hardware. Once reverse engineered, a person will be able to produce code that can write to the “protected” non-volatile storage at will. If the code is used in a malicious manner, it can be used to introduce viruses into the “protected” non-volatile storage or even destroy the content of the non-volatile storage.
Thus, it is desirable to have a more robust approach to preventing unauthorized access to non-volatile storage, in particular, an approach that does not rely on the access method not being known. As will be described in more detail below, the present invention achieves these and other desirable results.
In accordance with the present invention, an electronic signature is generated in a predetermined manner and attached to a transferable unit of write data, to facilitate authenticating the write data before allowing the write data to be written into a protected non-volatile storage. The write data is authenticated using a collection of secured authentication functions. Additionally, the actual writing of the authenticated write data into the protected non-volatile storage is performed by a secured copy utility.
The electronic signature is functionally dependent on the content of the write data, and the predetermined manner of generating the electronic signature is reproducible during write time. In one embodiment, the electronic signature is generated by the creator of the write data, by generating a digest based on the content of the write data using a message digest function, and then encrypting the generated digest with a secret private key using an encryption function.
The collection of secured authentication functions includes a secured corresponding copy of the message digest function, and a secured complementary decryption function. During operation, the secured decryption function reconstitutes the original digest by decrypting the electronic signature with a secured complementary public key, while the secured copy of the message digest function generates another digest based on the content of the write data to be authenticated. The two digests are compared using a secured comparison function. If the two digests pass the comparison, the secured copy utility is invoked to copy the authenticated write data into the protected non-volatile storage; otherwise, the write data are rejected.
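The sign-then-verify flow of the two preceding paragraphs can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the message digest function, textbook RSA with a constructed demo key as the encryption function, and the names `sign`, `ProtectedStore` and `request_write` are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key: textbook RSA built from two public Mersenne primes.
# Illustration only; the factors are public knowledge and no padding is applied.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, held by the verifier
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, held by the creator


def digest(write_data: bytes) -> bytes:
    """Message digest function (SHA-256 assumed), shared by both sides."""
    return hashlib.sha256(write_data).digest()


def sign(write_data: bytes) -> int:
    """Creator side: digest the write data, encrypt the digest with the private key."""
    return pow(int.from_bytes(digest(write_data), "big"), D, N)


class ProtectedStore:
    """Hypothetical stand-in for the protected storage and its secured functions."""

    def __init__(self, size: int):
        self._flash = bytearray(size)

    def read(self, offset: int, length: int) -> bytes:
        return bytes(self._flash[offset:offset + length])

    def request_write(self, offset: int, write_data: bytes, signature: int) -> bool:
        """Authenticate the write data; copy it only if both digests match."""
        if offset < 0 or offset + len(write_data) > len(self._flash):
            return False                 # write would fall outside the storage
        if not 0 <= signature < N:
            return False                 # malformed signature
        recovered = pow(signature, E, N)  # decrypt with the public key
        if recovered.bit_length() > 256:
            return False                 # cannot be a SHA-256 digest
        original = recovered.to_bytes(32, "big")
        if not hmac.compare_digest(original, digest(write_data)):
            return False                 # digests differ: reject the write
        self._flash[offset:offset + len(write_data)] = write_data  # secured copy
        return True
```

Because the verifier holds only the public key, knowing how `request_write` works does not let anyone produce a signature that passes the comparison.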
In one embodiment, the authentication functions are secured by copying them into a normally unavailable system management memory during system initialization. The authentication functions are invoked using a system management interrupt (SMI), which when asserted, automatically maps the system management memory into the normal system memory space. A non-volatile memory write security circuitry is provided to qualify a memory write signal provided to the protected non-volatile storage, and to generate the SMI whenever a write to the protected non-volatile storage is requested.